Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Home Assistant Assist
v1.1.1
Control Home Assistant smart home devices using the Assist (Conversation) API. Use this skill when the user wants to control smart home entities - lights, sw...
⭐ 6 · 2.9k · 12 current · 12 all-time
by DevCats (@developmentcats)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (control Home Assistant via Assist) match the declared requirements: curl, HASS_SERVER, and HASS_TOKEN. Nothing requested (no unrelated cloud keys, no OS config paths) is out of scope for a Home Assistant integration.
Instruction Scope
SKILL.md is instruction-only and limited to a single API call (POST to /api/conversation/process) and relaying response.speech.plain.speech. It does not instruct reading other files, searching system state, or contacting other external endpoints. The guidance to 'trust Assist' and 'fire and forget' is a design choice (it delegates intent parsing to HA) and not an instruction to access unrelated data.
Install Mechanism
There is no install spec or code to download — instruction-only skill. Low risk: nothing is written to disk by the skill package itself; it relies on curl being present at runtime.
Credentials
Only HASS_SERVER and HASS_TOKEN are required and HASS_TOKEN is correctly declared as the primary credential. These are proportionate to the skill's functionality. Note: Home Assistant long-lived tokens grant whatever permissions the associated user has, so token scope is effectively the user's privileges.
Persistence & Privilege
Skill does not request always:true, has no install hooks, and is user-invocable only. It does not modify other skills or system-wide settings. Agent autonomous invocation is default but not combined with other red flags here.
Scan Findings in Context
[base64-block] unexpected: A base64-encoded SVG/badge was detected in the README (embedded badge image). This is a documentation artifact and not used at runtime by the SKILL.md instructions. It's flagged as a pattern that can be used in prompt-injection scenarios, but here it appears harmless and not relevant to the skill's operation.
Assessment
This skill is coherent with its description and appears to do only what it claims: forward natural language to Home Assistant's Assist API and relay the reply. Before installing, consider the following: (1) HASS_TOKEN is a long-lived access token tied to a Home Assistant user — anyone with it can act as that user. Prefer creating a dedicated Home Assistant user with limited permissions for OpenClaw, rather than using your personal/admin token. (2) Host the HASS_SERVER URL over HTTPS and ensure network access is restricted as appropriate. (3) Be aware that 'fire and forget' means the skill will execute whatever Assist maps the phrase to (including potentially sensitive actions such as unlocking doors if the token permits). If you need extra safety, restrict the account's permissions or avoid giving the skill control of critical entities. (4) The base64 badge flagged by the scanner is only in documentation and not executed at runtime. If you want higher assurance, review the skill's upstream repo (provided homepage) or run the skill in a non-production environment first.
latest: vk9765t1epjknzzate47nga05xs81qkxs
Runtime requirements
🏠 Clawdis
Bins: curl
Env: HASS_SERVER, HASS_TOKEN
Primary env: HASS_TOKEN